[bind] On utilise les paramètres de config.py pour générer la configuration (le plus possible). Ajout de résolveur forward-only, ajout des zones reverses automatiquement.
Ignore-this: 7a8d861f375286e92cdc5ca7895a53ba darcs-hash:20130126180241-3a55a-fd022b037cd914c55a6079e83d5089b98b2a0403.gz
This commit is contained in:
parent
85abb8d4f0
commit
d68ab2fedd
4 changed files with 65 additions and 41 deletions
|
@ -19,8 +19,6 @@
|
|||
</Group>
|
||||
<Group name="vlan-accueil">
|
||||
<Path name="/etc/bind/db.fake"/>
|
||||
<Path name="/etc/bind/generated/zones_crans"/>
|
||||
<Action name="bind-permission"/>
|
||||
</Group>
|
||||
<Package name="bind9"/>
|
||||
<Service name="bind9"/>
|
||||
|
|
|
@ -355,7 +355,7 @@
|
|||
<Group name="routeur"
|
||||
profile="true">
|
||||
<Group name="crans-squeeze-domu"/>
|
||||
<Group name="dns-recursif"/>
|
||||
<Group name="dns-forward-only"/>
|
||||
<Group name="dnssec-validation"/>
|
||||
<Group name="vlan-radin"/>
|
||||
<Group name="vlan-accueil" />
|
||||
|
@ -651,6 +651,11 @@
|
|||
comment="un serveur DNS récursif de l'association">
|
||||
<Group name="dns-server"/>
|
||||
</Group>
|
||||
|
||||
<Group name="dns-forward-only"
|
||||
comment="un serveur DNS forwardant les requête à un récursif">
|
||||
<Group name="dns-server"/>
|
||||
</Group>
|
||||
|
||||
|
||||
<Group name="dns-secondary-no-forward"
|
||||
|
|
|
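Review bot: The `comment` attribute of the new `dns-forward-only` group (L85) reads `les requête à un récursif`; it should be `les requêtes à un récursif`. The `routeur` profile (L43–L64) appears to swap `dns-recursif` for `dns-forward-only`, and in the sibling named.conf.local hunk that group's forwarders come from `config.dns.recursiv`, so a few words in the group's comment naming that config key would tell the next reader of groups.xml where the upstream resolvers are configured.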
@ -4,27 +4,51 @@ info["owner"] = "root"
|
|||
info["group"] = "bind"
|
||||
info["perms"] = 0644
|
||||
|
||||
import config
|
||||
from gen_confs.bind import netv4_to_arpa, netv6_to_arpa
|
||||
|
||||
comment_start = "//"
|
||||
|
||||
header("Conf locale de Bind9")
|
||||
|
||||
def forward_zone(zone,forwarders):
|
||||
print """zone "%s" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { %s; };
|
||||
};
|
||||
""" % (zone,'; '.join(forwarders))
|
||||
|
||||
def reverse_crans():
|
||||
for net in set(config.dns.zones_reverse):
|
||||
for zone in netv4_to_arpa(net):
|
||||
forward_zone(zone, [config.dns.master] + config.dns.slaves)
|
||||
|
||||
for net in set(config.dns.zones_reverse_v6):
|
||||
forward_zone(netv6_to_arpa(net), [config.dns.master] + config.dns.slaves)
|
||||
|
||||
def direct_crans():
|
||||
for zone in config.dns.zones_direct:
|
||||
forward_zone(zone, [config.dns.master] + config.dns.slaves)
|
||||
|
||||
if has("vlan-accueil"):
|
||||
@view "accueilview" {
|
||||
@ match-clients { "accueil"; };
|
||||
@
|
||||
@ // zones crans
|
||||
@ include "/etc/bind/generated/zones_crans";
|
||||
@// On resoud les zones crans
|
||||
direct_crans()
|
||||
@
|
||||
@ // Zones RFC 1918
|
||||
@ include "/etc/bind/zones.rfc1918";
|
||||
@
|
||||
@ recursion no;
|
||||
@// On effectue la resolution inverse pour les ips crans
|
||||
reverse_crans()
|
||||
@
|
||||
@// On ment pour le reste
|
||||
@ zone "." {
|
||||
@ type master;
|
||||
@ file "/etc/bind/db.fake";
|
||||
@ };
|
||||
@};
|
||||
@
|
||||
@ recursion no;
|
||||
|
||||
@view "others" {
|
||||
@ match-clients { any; };
|
||||
|
@ -39,13 +63,13 @@ if has("dns-secondary-no-forward") or has("dns-secondary") or has("dns-primary")
|
|||
@zone "tv.crans.org" {
|
||||
@ type slave;
|
||||
@ file "/etc/bind/generated/db.tv.crans.org";
|
||||
@ masters { 138.231.136.243; };
|
||||
print" masters { %s; };" % config.dns.master_tv
|
||||
@};
|
||||
|
||||
@zone "239.in-addr.arpa" {
|
||||
@ type slave;
|
||||
@ file "/etc/bind/generated/db.239.in-addr.arpa";
|
||||
@ masters { 138.231.136.243; };
|
||||
print" masters { %s; };" % config.dns.master_tv
|
||||
@};
|
||||
|
||||
elif has("dns-tv"):
|
||||
|
@ -69,21 +93,21 @@ elif has("dns-recursif"):
|
|||
@zone "239.in-addr.arpa" {
|
||||
@ type forward;
|
||||
@ forward only;
|
||||
@ forwarders { 138.231.136.243; 138.231.136.9; };
|
||||
print " forwarders { %s; };" % '; '.join([config.dns.master_tv, config.dns.master] + config.dns.slaves)
|
||||
@};
|
||||
|
||||
@zone "136.231.10.in-addr.arpa" {
|
||||
@ type forward;
|
||||
@ forward only;
|
||||
@ forwarders { 138.231.136.9; 138.231.136.14; };
|
||||
@};
|
||||
reverse_crans()
|
||||
|
||||
elif has("dns-forward-only"):
|
||||
@forward only;
|
||||
print "forwarders { %s; };" % '; '.join(config.dns.recursiv)
|
||||
|
||||
@// anti SPAM
|
||||
@// Rajout pour generer le forward vers ariane pour la zone rbl-plus.mail-abuse.org --Nico 21/04/02
|
||||
@zone "rbl-plus.mail-abuse.org" {
|
||||
@ type forward;
|
||||
@ forward only;
|
||||
@ forwarders { 138.231.176.4 ; };
|
||||
print" forwarders { %s ; }; " % config.dns.parent
|
||||
@};
|
||||
@
|
||||
|
||||
|
|
|
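Review bot: The accueil view still shows `recursion no;` (L225) alongside the forward zones that direct_crans() (L210) and reverse_crans() (L231) now emit into it; as far as I know BIND only consults `type forward` zones when answering recursive queries, so if that line is on the new side these zones would never be used for accueil clients — worth a test query against the view, since the rendered page does not show which side L225 and L258 belong to. The forwarder list `[config.dns.master] + config.dns.slaves` is rebuilt at L165, L173 and L184 (and again inside L332); binding it once next to the imports, `crans_ns = [config.dns.master] + config.dns.slaves`, and passing that name keeps the sites in step. reverse_crans() iterates over the result of netv4_to_arpa(net) but hands netv6_to_arpa(net) to forward_zone() as a single zone; if both helpers return a sequence, the v6 call would print the list's repr as the zone name, so a one-line comment on L173 stating what each helper returns (or a symmetric loop) would settle it. `print"..."` with no space after the keyword (L285, L305, L389) is valid Python 2 but reads as a typo.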
@ -8,23 +8,19 @@ comment_start = "//"
|
|||
|
||||
header("Options de Bind9")
|
||||
|
||||
comment("Listes d'accès")
|
||||
import config
|
||||
|
||||
comment("Listes d'acces")
|
||||
if has("vlan-isolement"):
|
||||
print 'acl "isolement" { %s; };' % '; '.join(config.NETs['isolement'])
|
||||
if has("vlan-radin"):
|
||||
@acl "radins" { 10.42.0.0/16; };
|
||||
print 'acl "radins" { %s; };' % '; '.join(config.NETs['gratuit'])
|
||||
if has("vlan-accueil"):
|
||||
@acl "accueil" { 10.51.0.0/16; };
|
||||
print 'acl "accueil" { %s; };' % '; '.join(config.NETs['accueil'])
|
||||
if has("vlan-ens"):
|
||||
@acl "appartement" { 10.2.9.0/24; };
|
||||
@acl "crans" {
|
||||
@ 138.231.136.0/21;
|
||||
@ 138.231.144.0/21;
|
||||
@ 2a01:240:fe3d:4::/64;
|
||||
@ 2a01:240:fe3d:f7::/64;
|
||||
@};
|
||||
@acl "cransadm" {
|
||||
@ 10.231.136.0/24;
|
||||
@ 2a01:240:fe3d:c804::/64;
|
||||
@};
|
||||
print 'acl "appartement" { %s; };' % '; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens'])
|
||||
print 'acl "crans" { %s; };' % '; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all'])
|
||||
print 'acl "cransadm" { %s; };' % '; '.join(config.prefix['adm'] + config.NETs['adm'])
|
||||
|
||||
|
||||
@options {
|
||||
|
@ -35,28 +31,29 @@ if has("dns-primary"):
|
|||
@ include "/etc/bind/named.conf.notify";
|
||||
|
||||
|
||||
if has("dns-recursif"):
|
||||
if has("dns-recursif") or has("dns-forward-only"):
|
||||
zones=["127.0.0.1", "crans", "cransadm"]
|
||||
if has("vlan-ens"):
|
||||
zones.append("appartement")
|
||||
if has("vlan-radin"):
|
||||
zones.append("radins")
|
||||
if has("vlan-accueil"):
|
||||
zones.append("accueil")
|
||||
print " allow-query-cache { %s; };" % ';'.join(zones)
|
||||
print " allow-recursion { %s; };" % ';'.join(zones)
|
||||
print " allow-query-cache { %s; };" % '; '.join(zones)
|
||||
print " allow-recursion { %s; };" % '; '.join(zones)
|
||||
@ recursive-clients 5000;
|
||||
|
||||
else:
|
||||
@ allow-query-cache { };
|
||||
@ allow-recursion { };
|
||||
@ allow-query-cache { 127.0.0.1; };
|
||||
@ allow-recursion { 127.0.0.1; };
|
||||
if has("dns-primary") or has("dns-tv"):
|
||||
@ allow-transfer {
|
||||
@ 127.0.0.1;
|
||||
@ 138.231.136.0/21; // fixes
|
||||
@ 82.225.39.54; // freebox
|
||||
@ 138.231.148.0/22; // wifi
|
||||
@ 10.231.136.0/24; // adm
|
||||
@ 138.231.176.4; // ariane
|
||||
print " %s;" % ';\n '.join(config.dns.slaves)
|
||||
print " %s;" % config.dns.parent
|
||||
@ };
|
||||
@ allow-query { any; };
|
||||
@ auth-nxdomain no; # conform to RFC1035
|
||||
|
@ -65,11 +62,11 @@ if has("dns-primary") or has("dns-tv"):
|
|||
@ listen-on-v6 { any; };
|
||||
@
|
||||
|
||||
if not has("dns-secondary-no-forward"):
|
||||
if not has("dns-secondary-no-forward") and not has("dns-forward-only"):
|
||||
@ // Ne pas modifier le commentaire de fin de ligne suivant,
|
||||
@ // traitement automatique pour la connexion de secours
|
||||
@ // (ligne decommentee automatiquement en mode secours)
|
||||
@// forwarders { 138.231.136.14; } ; #POUR SECOURS
|
||||
print"// forwarders { %s; } ; #POUR SECOURS" % config.dns.secours_relay
|
||||
|
||||
if has("dnssec-validation"):
|
||||
@ dnssec-enable yes;
|
||||
|
|
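Review bot: The `else` branch at L555–L567 changes `allow-query-cache`/`allow-recursion` from an empty list to `{ 127.0.0.1; }` on every host that is neither dns-recursif nor dns-forward-only, and nothing on the page records why; a comment on the new lines stating the reason (e.g. `// loopback only; do not widen on authoritative-only hosts`) would keep a later edit from opening it further. The list built at L517–L535 holds ACL names, not zones, so `acls = ["127.0.0.1", "crans", "cransadm"]` reads truer than `zones` at its four uses. The allow-transfer members printed from `config.dns.slaves` and `config.dns.parent` (L594, L597) carry no annotation while the literal entries around them each have a `// role` comment; emitting e.g. `// slaves` / `// parent` with each print keeps the generated file self-describing. The condition at L624 reads more directly as `if not (has("dns-secondary-no-forward") or has("dns-forward-only")):`, and `print"..."` at L639 wants a space after the keyword.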